General
-
Target
c65a6378fc0598b7dbce7c5c7da02e168c7a7a68ca85085eb86b2bca076fa834
-
Size
1.6MB
-
Sample
221126-y82zysfd6w
-
MD5
946fe5fe68faf24c5797c25e5bcb49e0
-
SHA1
c0dff732a3f1f132a72187d5fc2192737e813928
-
SHA256
c65a6378fc0598b7dbce7c5c7da02e168c7a7a68ca85085eb86b2bca076fa834
-
SHA512
99ab38b6379f2105b5b1f20e96613b20ded004f822a4c893cd4e2e17968ae5650a57898db01be4055226afaa03e54901c576f54eca85662e3b37c71b924dbb4c
-
SSDEEP
24576:IpDXgeS+hlgOFc+k5T+IBLXCgxIo1RtFLUUbYkMJ3IvNcaLLh++woOs6s2E+:mjgkhlgOK/lIonLhbpMRIvyaZO8+
Static task
static1
Behavioral task
behavioral1
Sample
c65a6378fc0598b7dbce7c5c7da02e168c7a7a68ca85085eb86b2bca076fa834.exe
Resource
win7-20221111-en
Malware Config
Targets
-
Gh0st RAT payload
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets service image path in registry
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-